Presentation is loading. Please wait.

Presentation is loading. Please wait.

Metis Calibration Workshop

Published byTabitha Nichols Modified over 6 years ago

Similar presentations

Presentation on theme: "Metis Calibration Workshop"— Presentation transcript:

1 Metis Calibration Workshop
Off-pointing and FDIR Metis Calibration Workshop Firenze, Italy – September 28-29, 2017 Marco Romoli Dip. di Fisica e Astronomia, Università di Firenze, ;

2 Metis off-pointing limits
The Metis coronagraph operates under the assumption that the solar disk is completely occulted. Some coordinated Solar Orbiter science plans, however, require: - re-point to off-center solar regions, or near the solar limb - target region tracking across the solar disk S/C manoeuvres with S/C attitude perturbations which can potentially expose Metis to direct Sun light illumination for a time longer than compatible with safe thermal and illumination conditions.   Metis internal autonomous safety monitoring is able to issue an emergency flag to the S/C to close the HS door if the safe off-pointing limit is exceeded.

3 Metis off-pointing requirements
From EID-B: METIS : For all planned operations for which an off-pointing angle may exceed 30 arcmin or βMAX when βMAX > 30 arcmin, for more than 30 minutes, then the HS door shall be closed METIS : Metis requires that the S/C commands the external door closure when a dedicated and specific emergency flag is set in Metis telemetry (e.g. via service 5,x or service 3,25 parameter) METIS : Opening and closure of Metis HS door are proposed by Metis PI and executed by MOC whenever safety conditions are respected

4 Metis off-pointing limits
IEO Angle limits

5 Definitions Metis off-pointing limits Parameter Definition
Value/Current estimate (Angles in arcmins, d in AU) αmax(d) Offset angle beyond which scientific observations are no longer possible. αmax(d) = /d βmax(d) Offset angle beyond which the solar disk starts to illuminate the detectors. βmax(d) = /d βthrm(d), tthrm βthrm is the offset angle beyond which, after a time tthrm, the temperatures in various Metis subsystem raise to levels which might lead to irreversible damage. Conversely, below this limit, Metis temperatures remain within safe ranges indefinitely. βthrm(d) = max( 30 arcmin , βmax(d) ) tthrm= 30 min Definitions

6 Operational Domains

7 Operational Domains

8 Operational Domains

9 Operational Domains

10 Some Assumptions on the Sun-Disk Monitoring (SDM) algorithm
How the algorithm works: After an acquisition, the VLDA frame is divided in 8 sectors (same as in the CME-detection algorithm); A sub-set of pixel is then selected by intersecting each sector with an annulus Rmin < r < Rmax, where r is the distance from the center of the detector; currently, these values are the same as the CME-detection algorithm. The mean value, Cmean, of these pixels in NSF sectors is then computed; currently, these sectors are not necessarily contiguous (true?). If the mean value exceeds a threshold, Cthr, then the algorithm flags this event. Further features to be implemented: (TBC) Require that the NSF sectors should be contiguous. (TBC) Let the values Rmin and Rmax be different from the CME-detection values. If the event is detected in NF frames (corresponding to a time NF × tframe) or, better, for a time tF , then an emergency flag is issued. All the parameters, Rmin, Rmax, NSF, Cthr , and NF or tF can be set by the operator.

11 HS Door scenarios: Minimizing Door closures
tthr = ttherm - tdoor 1. Metis acquiring Science data (Off-pointing < αmax) Any SDM threshold alarm immediately produces: - Instrument safing; - Flag to S/C to close the HS door. (see MET-FDIR-001) 2. SC service manoeuvres within βtherm. Any SDM threshold alarm after a time tthr produces: 3. SC service manoeuvres beyond βtherm

12 HS Door scenarios: No tthr accumulation
1. Metis acquiring Science data (Off-pointing < αmax) Any SDM threshold alarm immediately produces: - Instrument safing; - Flag to S/C to close the HS door. 2. SC manoeuvres within βtherm 3. SC manoeuvres beyond βtherm - HS Door closed

13 Summary of open issues Determine whether the high-illumination case (threshold: Fmax and/or βmax) can be treated together with the high-temperature case (βtherm and ttherm) from an operational point of view. Obtain a better characterization of the thermal environment and reaction time (βtherm and ttherm). Simulate the SDM algorithm and determine the optimal parameter space. Implement an accumulation timer (preferably as a time, tF = tthr, rather than a number of frames, NF) before FDIR is activated. Implement the default flag value during FLUCTS runs. Identify instrument subsystem not monitored by thermistors (IFA?), and define the FDIR events based on the reading of the available thermistors.

14 FDIR Failure Detection Isolation and Recovery
The following types of monitoring will be implemented: Checks of housekeeping status parameters against expected values. Examples include: power status, flags indicating results of built-in checks, parameters representing the internal mode for intelligent units. Checks of analogue housekeeping parameters against upper and lower limits of the range of allowed values. Typical parameters: internal and external temperatures, power supply current, internal converter voltages. Many parameters in this category are specific to individual units and are mentioned in the examples of monitoring criteria below. Continuity checks verify the change of the output of a sensor between consecutive measurement cycles against a range of plausible values. The checks can be used to detect unexpected sudden variations of measured values or spikes, both of which can be caused by sensor or interface failures. Frozen output (or “stay alive”) checks. This type of monitoring can be applied to parameters representing counters or time tags which must be updated with a certain frequency by the units. All such parameters must change value with a certain frequency and frozen values therefore indicate a failure of either the unit or the interface with the MPPU. Frozen output checks can also be applied to the output of sensors if the intrinsic variations of the signal measured by the unit or noise in the apparent output limit the time during which the output can remain constant. ( To be verified ) Only the expected value checks and range checks can be implemented directly as Service 12 monitoring criteria. Other types of monitoring must be implemented within individual subsystem applications. This approach allows the ground to use a consistent interface for controlling the monitoring criteria, since the parameters that define the frequency of the check and the filtering will still be available in standard monitoring tables. Once a possibly anomalous conditions is detected an Event is raised marked by a Report Identifier (RID) which univocally identifies the condition. It shall be defined a RID-Event Table to define a relationship between the RIDs and the Events. The RID is the entry point in the RID-Event Table identifying and issuing proper recovery action. The Event univocally identifies one (sequence of) recovery actions. Note that more than one Monitoring Item and RID can be associated to a unique Event.

15 FDIR Failure Detection Isolation and Recovery
The following types of monitoring will be implemented: Checks of housekeeping status parameters against expected values. Checks of analogue housekeeping parameters against upper and lower limits of the range of allowed values. Continuity checks verify the change of the output of a sensor between consecutive measurement cycles against a range of plausible values Frozen output (or “stay alive”) checks. Once a possibly anomalous conditions is detected an Event is raised marked by a Report Identifier (RID) which univocally identifies the condition. It shall be defined a RID-Event Table to define a relationship between the RIDs and the Events. The RID is the entry point in the RID-Event Table identifying and issuing proper recovery action. The Event univocally identifies one (sequence of) recovery actions. Note that more than one Monitoring Item and RID can be associated to a unique Event. The following types of monitoring will be implemented: Checks of housekeeping status parameters against expected values. Examples include: power status, flags indicating results of built-in checks, parameters representing the internal mode for intelligent units. Checks of analogue housekeeping parameters against upper and lower limits of the range of allowed values. Typical parameters: internal and external temperatures, power supply current, internal converter voltages. Many parameters in this category are specific to individual units and are mentioned in the examples of monitoring criteria below. Continuity checks verify the change of the output of a sensor between consecutive measurement cycles against a range of plausible values. The checks can be used to detect unexpected sudden variations of measured values or spikes, both of which can be caused by sensor or interface failures. Frozen output (or “stay alive”) checks. This type of monitoring can be applied to parameters representing counters or time tags which must be updated with a certain frequency by the units. All such parameters must change value with a certain frequency and frozen values therefore indicate a failure of either the unit or the interface with the MPPU. Frozen output checks can also be applied to the output of sensors if the intrinsic variations of the signal measured by the unit or noise in the apparent output limit the time during which the output can remain constant. ( To be verified ) Only the expected value checks and range checks can be implemented directly as Service 12 monitoring criteria. Other types of monitoring must be implemented within individual subsystem applications. This approach allows the ground to use a consistent interface for controlling the monitoring criteria, since the parameters that define the frequency of the check and the filtering will still be available in standard monitoring tables. Once a possibly anomalous conditions is detected an Event is raised marked by a Report Identifier (RID) which univocally identifies the condition. It shall be defined a RID-Event Table to define a relationship between the RIDs and the Events. The RID is the entry point in the RID-Event Table identifying and issuing proper recovery action. The Event univocally identifies one (sequence of) recovery actions. Note that more than one Monitoring Item and RID can be associated to a unique Event.

16 FDIR Isolation/Recovery
FDIR autonomous actions are divided on the base of the impact of the detected anomalies on the instrument functions, according to the following possible consequences classification: Permanent loss of whole instrument’s functions (loss of instrument) Permanent loss of a single function possibly leading to the loss of whole instrument’s functions Permanent loss of a single function, with no propagation risk Temporary loss of a single function FDIR logic of intervention depends also on the available recovery option and in particular: Switch the single affected equipment off ( VLDA, UVDA, HV to zero )  Switch all the equipments off putting Metis in SAFE condition. Switch Metis Off The mapping of Metis instrument level failures to the Solar Orbiter provided failure severity categories is derived and shown below Decision on resuming of operation must be taken from Ground operations The following types of monitoring will be implemented: Checks of housekeeping status parameters against expected values. Examples include: power status, flags indicating results of built-in checks, parameters representing the internal mode for intelligent units. Checks of analogue housekeeping parameters against upper and lower limits of the range of allowed values. Typical parameters: internal and external temperatures, power supply current, internal converter voltages. Many parameters in this category are specific to individual units and are mentioned in the examples of monitoring criteria below. Continuity checks verify the change of the output of a sensor between consecutive measurement cycles against a range of plausible values. The checks can be used to detect unexpected sudden variations of measured values or spikes, both of which can be caused by sensor or interface failures. Frozen output (or “stay alive”) checks. This type of monitoring can be applied to parameters representing counters or time tags which must be updated with a certain frequency by the units. All such parameters must change value with a certain frequency and frozen values therefore indicate a failure of either the unit or the interface with the MPPU. Frozen output checks can also be applied to the output of sensors if the intrinsic variations of the signal measured by the unit or noise in the apparent output limit the time during which the output can remain constant. ( To be verified ) Only the expected value checks and range checks can be implemented directly as Service 12 monitoring criteria. Other types of monitoring must be implemented within individual subsystem applications. This approach allows the ground to use a consistent interface for controlling the monitoring criteria, since the parameters that define the frequency of the check and the filtering will still be available in standard monitoring tables. Once a possibly anomalous conditions is detected an Event is raised marked by a Report Identifier (RID) which univocally identifies the condition. It shall be defined a RID-Event Table to define a relationship between the RIDs and the Events. The RID is the entry point in the RID-Event Table identifying and issuing proper recovery action. The Event univocally identifies one (sequence of) recovery actions. Note that more than one Monitoring Item and RID can be associated to a unique Event.

17 FDIR Managed by the S/C

18 FDIR Managed by the S/C In short:
If recovery cannot be completed by a single action or telecommand, the recovery will be performed by the S/C via an OBCP (On Board Computer Procedure). OBCP-5 -> Raise CE or ME Temp + Safe Metis VLDA Temp. sensor low (raise CE) UVDA Temp. sensor low (raise ME) OBCP-4 -> Safe Metis & Close Door Sun Disk Flag VLDA Temp. sensor high UVDA Photon Counting Unit OBCP-3 -> Safe + Switch Off Metis & Close Door MPPU, CPC, VLDA and UVDA temperatures out of range OBCP-2 -> SetUp + HVU volt = 0 & UVDA Off HVU voltage out of range UVDA , UVDA FPGA and HVU Temp. sensor high OBCP-1 -> SetUp + VLDA Off VLDA voltage out of range VLDA FPGA Temp. sensor high

19 FDIR Managed by Metis

20 FDIR Managed by Metis In short:
If recovery can be completed by a single action or telecommand, the recovery will be performed internally by Metis. Safe Metis CPC, MPPU, UVDA and VLDA Voltage out of range Telecommand broken link Set LED Current = 0 LED current high

Download ppt "Metis Calibration Workshop"

Similar presentations

Copyright, 2006: Invisible Service Technicians, LLC Invisible Service Technicians, LLC Invisible Service Technician Monitor Activation Process: IST MaintSelectionV3.php.

Copyright, 2006: Invisible Service Technicians, LLC Invisible Service Technicians, LLC Invisible Service Technician Monitor Activation Process: IST MaintSelectionV3.php.
Aqua MODIS Cold FPA Performance and Operation MODIS Characterization Support Team (MCST) April 25, 2012.

Aqua MODIS Cold FPA Performance and Operation MODIS Characterization Support Team (MCST) April 25, 2012.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
Status update of ASM on Swarm Charlie Swarm 4th DATA QUALITY WORKSHOP 2 December 2014 GFZ Potsdam Jean-Michel Léger.

Status update of ASM on Swarm Charlie Swarm 4th DATA QUALITY WORKSHOP 2 December 2014 GFZ Potsdam Jean-Michel Léger.
Getting Started Product Description Setting Parameters How does it work Wiring Diagram.

Getting Started Product Description Setting Parameters How does it work Wiring Diagram.
Rosetta Magnetic Field PDS Review B. J. Anderson.

Rosetta Magnetic Field PDS Review B. J. Anderson.
1 Manufacturing Process A sequence of activities that is intended to achieve a result (Juran). Quality of Manufacturing Process depends on Entry Criteria.

1 Manufacturing Process A sequence of activities that is intended to achieve a result (Juran). Quality of Manufacturing Process depends on Entry Criteria.
In this presentation you will:

In this presentation you will:
PHEOS PSRR Concept of Operations. 2 Scope The purpose of the PCW-UVI Concept of Operations (ConOps) is to communicate how mission systems will operate,

PHEOS PSRR Concept of Operations. 2 Scope The purpose of the PCW-UVI Concept of Operations (ConOps) is to communicate how mission systems will operate,
Establishing IV&V Properties Steve Raque, NASA IV&V Facility Dr. Doron Drusinsky, Naval Postgraduate School 9/4/20091Establishing IV&V Properties.

Establishing IV&V Properties Steve Raque, NASA IV&V Facility Dr. Doron Drusinsky, Naval Postgraduate School 9/4/20091Establishing IV&V Properties.
Dale E. Gary Professor, Physics, Center for Solar-Terrestrial Research New Jersey Institute of Technology 1 3/16/2012OVSA Preliminary Design Review.

Dale E. Gary Professor, Physics, Center for Solar-Terrestrial Research New Jersey Institute of Technology 1 3/16/2012OVSA Preliminary Design Review.
Chandra X-Ray Observatory CXC Paul Plucinsky CUC September 2007 1 1.Overall Status of the Instrument 2.Update on Controlling the FP Temperature ACIS Ops.

Chandra X-Ray Observatory CXC Paul Plucinsky CUC September Overall Status of the Instrument 2.Update on Controlling the FP Temperature ACIS Ops.
CXC EPHIN Status and Alternatives Michael Juda. CXC EPHIN StatusPage 2 Outline 1.EPHIN description 2.Thermal issues 3.+27V rail anomaly and impacts 4.Operations.

CXC EPHIN Status and Alternatives Michael Juda. CXC EPHIN StatusPage 2 Outline 1.EPHIN description 2.Thermal issues 3.+27V rail anomaly and impacts 4.Operations.
REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.

REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
Page 1HMI Team Meeting – January 26, 2005 HMI Mission Operations Rock Bush HMI Stanford Program Manager Stanford University

Page 1HMI Team Meeting – January 26, 2005 HMI Mission Operations Rock Bush HMI Stanford Program Manager Stanford University
Adaptive Signal Processing Class Project Adaptive Interacting Multiple Model Technique for Tracking Maneuvering Targets Viji Paul, Sahay Shishir Brijendra,

Adaptive Signal Processing Class Project Adaptive Interacting Multiple Model Technique for Tracking Maneuvering Targets Viji Paul, Sahay Shishir Brijendra,
DATA ACQUISITION Today’s Topics Define DAQ and DAQ systems Signals (digital and analogue types) Transducers Signal Conditioning - Importance of grounding.

DATA ACQUISITION Today’s Topics Define DAQ and DAQ systems Signals (digital and analogue types) Transducers Signal Conditioning - Importance of grounding.
ISUAL Long Functional Test H. Heetderks. TRR December, 20012NCKU UCB Tohoku ISUAL Long Functional Test Heetderks Basic DPU Function Verify Power on Reset.

ISUAL Long Functional Test H. Heetderks. TRR December, 20012NCKU UCB Tohoku ISUAL Long Functional Test Heetderks Basic DPU Function Verify Power on Reset.
Venus Observations HST Program 12433. Objectives v Explain Venus observing strategy. v Review areas of special concern with Venus observations and explain.

Venus Observations HST Program Objectives v Explain Venus observing strategy. v Review areas of special concern with Venus observations and explain.
Introduction to Statistical Quality Control, 4th Edition

Introduction to Statistical Quality Control, 4th Edition

Similar presentations

Ads by Google